Downloading unknown attachments and sharing passwords are well-known security violations, but an even greater threat is posed by well-intentioned users who can’t tell their systems have been attacked, says an executive with a Toronto-based service firm.

Marcus Shields, enterprise product manager

of Toronto-based network security vendor Soltrus Inc., says IT administrators can scan systems for spyware and viruses, but the average user won’t always notice malware on their machines.

“”The user looks at it and says, ‘Well, I think I’m okay,’ the administrator looks at it and says, ‘Well, you think you’re okay and we just checked and you’re not okay,'”” Shields said.

Comparing computers to cars, Shields said IT administrators cannot expect the average user to be able to detect a subtle deterioration in a machine’s performance.

“”I know (a car) is supposed to drive at a certain speed when I press the gas. If it stops doing that, then I recognize that I have a problem. You can think of computers in the same way.””

In a recent survey of 175 IT staff and users, Soltrus found users had more confidence in their IT security savvy than their IT support staff. Eighty-five per cent of users said they were “”well”” to “”moderately aware”” of their company’s security issues and polices, but only 43 per cent of enterprise IT staff felt their users were “”moderately educated on IT security.””

Working from home is causing security problems, Shields said, because users often unwittingly download spyware that could give hackers access to company records.